
% Office | 



PRIORITY 
DOCUMENT 

SUBMITTED OR TRANSMITTED IN 
COMPLIANCE WITH RULE 17.1(a) OR (b) 



PCT/GB 200i / 0 0 4 7 D 1 



it 




INVESTOR IN PEOPLE 



The Patent Office 
Concept House 
Cardiff Road 
Newport 
South Wales 
NP10 8IQQ 




I, the undersigned, being an officer duly authorised in accordance with Section 74(1) and (4) 
of the Deregulation & Contracting Out Act 1994, to sign and issue certificates on behalf of the 
Comptroller-General, hereby certify that annexed hereto is a true copy of the documents as 
originally filed in connection with the patent application identified therein. 



In accordance with the Patents (Companies Re-registration) Rules 1982, if a company named 
in this certificate and any accompanying documents has re-registered under the Companies Act 
1980 with the same name as that with which it was registered immediately before re- 
registration save for the substitution as, or inclusion as, the last part of the name of the words 
"public limited company" or their equivalents in Welsh, references to the name of the company 
in this certificate and any accompanying documents shall be treated as references to the name 
with which it is so re-registered. 



^accordance with the rules, the words "public limited company" may be replaced by p. I.e. , 
lb, P.L.C. or PLC. 




gistration under the Companies Act does not constitute a new legal entity but merely 
ts the company to certain additional company law rules. 



Signed 




Dated 18 November 2004 




EST AVAILABLE COPY 



.0S-NCU-E093 12: IS FROM: ORIGIN LONDON 



PE 



0 6 NOV 2003 

RECEIVED BY FAX 



06iiOV03 E849910-1 Q10092. 
P01/7700 0.00-0325^3=7 




The 

Patent 
Office 



Request for grant of a 
Patent 



MSN ,,n,n ' T 



Form 1/77 



Patents Act 1977 



1 Title of Invention 

Secure multi-laser access to phones 



2. Applicant's details 

pK] First or only applicant 

If applying as a corporate body: Corporate Nam$ 

Intnwave Limited 



2a 



Country 
GB 



2b 



tf applying as an individual or partnership 
Surname 



2c 



Forenames 



Address 



Steim Court 
The Broadway 

Maidenhead 
Berkshire 



UK Postcode SL6 1NJ 



Country 



GB 



ADP Number &bOO 



Kto-iNuv-c^feajs l^:ib h RDM: ORIGIN LONDON +44-E07E0e0643 TO: +01633 BI4444 P.033^00B 




06-NOU-E093 IB: IS FROM: ORIGIN LONDON 



4 Reference Number 

Access Control (UK) 



5 Cledmtng an earlier application date 
An earlier filing date is claimed: 
Yes^ No H 

Number of earlier 
application or patent number 

Filing date 



15 (4) (Divisional) 8(3) 

□ □ 



12(6) 37(4) 

□ □ 



6 Declaration of priority 



County of filing Priority Application Number Filing Date 




[0085077-; t^rNpv^O^Etlfr \ 



06 r NOU-E003 12:16 FRUM: ORIGIN LONDON +44-207E030643 TO: +01 633 014444 P. 035^005 




Inventorship 

The applicants) ana the sole inventors/joint inventors 
Yes □ NO [X] 



8 Checklist 



Claims 



Abstract 0 



Continuation sheets 



Description 
Drawings 



3 th 
0 



Priority Documents .yeS^Np 



Translations of Priority Documents 

Patents Form 7/77 
Patents Form 9/77 



Patents Form 10/77 




9 Request 



We request the grant of a patent on the basis 
of this application 

(Origin Limited) 



-NOU-E003 12:16 FROM: ORIGIN LONDON +44-3372090643 TO: +01 6^5 tilWR r.««»'io» 



9 



SECURE MULTI-USER ACCESS TO PHONES 



Name: 



A method and architecture for providing secure multi-user access to smartphones, or 
other voice and data-enabled mobile devices. 



Summary: 

Smartphones are an emerging cl^ss of mobile device that combine mobile voice and data 
features into a phone-style device together with an operating system that enables flew 
software applications tn be installed and run. Current popuk* smartphonc opeuadng 
systems are Symbian, Stmurtphonc 2003 and PalmOS. Operating sysmms are cwaeniiy 
designed as single-user operating systems SO are optimised for use by * single usee 
However, smartphones could be made much more useful by allowing secure access for 
multiple users. Far example, a business user wants secure access foi his personal data 
but may want to allow his IT department access to corporate information and bis 
network operator secure access to network settings and information. This is not possible 
with smattphone operating systems - each different user win have access to aU the 
information the other users have access to. 

Hie obvious way of solving this problem is to make ttos phone operating system secure 

and to support multi-user access, as has been done with operating systems on PCs. This 
can provide multi-user access to a phone but has the following limitations: 

1 . this cannot solve die problem of the installed base of usees that already have a 
sm&rtphofls 

2. this does not provide a best security using a software only solution using the 

piionc operating system 

TWs invention also provides multi-user secure access as changes to tfce phone OS may 
do in fee future but also solves the two other problems outlined above It does this by 
providing software components daat can be installed onto die existing smartphones to 
solve problem V To solve problem 2 the software interfaces into the highly-secure SIM 
card that is built into every smartphone. This provides a much greater level of security 
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than is possible using just software ^ fi SXM-cwxl hardware token, combined with strong 
encryption provides a stroog level of authentication. 

The invention consists of a means of defining a use* identity,, a mesma of passing the user 
identity securely between mobile devices and software conjpooents, and a n*eao$ of 
defining ike access rights of different users to> different resources on the device. Hence, 
the invention essentially provides a means of midti-idfcndty data caging and a secufi e 
means of passing -the identity token around software components that may be on the 
mobile device, q% tending dsewlxcsr in the network. 

Ia this new? 

* • 

We fire m>t aware of anyone doing anything similar. Symbian haves done a lot of work on 
"Jetstream" for security around Syopbiao OS. which may mean they have applied foe 
patents in the area. However^ we believe all of their work has been around the idea of 
data caging to allow, or not allow, trusted applications to access specific resources,. We 
do not think they have done anything around using user identity as a basis for this as 
Symbian OS is designed as a single-user OS, as are PalmOS and SmartPbone 2003. 

What problem does tkia solve? 
Sec summary and variations. 

■ 

Why is it not obvious to someone who ia skilled in software development for 

■ 

Obvious solution would a secure OS-based sobmon^ as this is the way the solution has 
been implemented fo& PCs. This soluti on hi nc&rel hecsnae It rcprf? tibc^otebns solution 
ia Jkvour of sn integrated ccmpn.7i^nt Sylntifm that pxarrxdos a better splutiba to mobile 
ds r y i s s s Ih^r esx*s £ 
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• It utilises the SJM card reader that is bulk into The phones to provide a greater 
level of security 

A similar problem wag solved » the early 8ffs by Novell, when PCs -were first 
networked. They needed to apply the same concepts -when creating a network operating 
system. However, this has never been done for mobile devices because mobile devices 
have never been considered as muM-wct devices, tiicy arc always considered to be 
personal devices. 

Variations and Related Ideas 

We arc currently implementing security "without i&e SJM card reader, aa this will take 
some considerable work as part of our m-Secure initiative to be ^reduced to practice' 
over the next few years. Hence, we may need to consider die following variations in the 
first instance 

• Restricting the current patent to something like "A method of allowing multi- 
user access to computing resources on a single-user Operating System, mobile 
device. Ibis will protect us from mrix competitors but not against Symbian, 
Microsoft, Palm or others implementing these features in their OS in the future. 
However, it would provide us with some useful protection, ahead of us fully 
implementing a solution based on using the SIM card on the device. 

• Trying to gain a more general patent around solving the problem, which we are 
not aware of anyone considering today, of "Providing secure multi-user access to 
different computing resources on mobile devices". The mrix security approach 
currently does this. 
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